On September 14th, 2017, we published revised versions of our Privacy Policy, Terms of Service and Website Use Policy and published a Cookie Policy. Your continued use of Lynda.com means you agree to these revised documents, so please take a few minutes to read and understand them.

Cross-site scripting (XSS)

…Throughout this chapter, we will discuss how you can defend…against the most common attacks on web servers and web applications.…We will briefly discuss each attack.…The course Foundations of Programming Web…Security describes each attack in more detail.…Here we're going to focus primarily on the solutions.…We'll begin by looking at Cross-Site Scripting or XSS for short.…Cross-site scripting is when a hacker is able to inject…arbitrary JavaScript code into someone else's webpage, and it's used to…trick users of that webpage into running that JavaScript code and…it can even be used to steal cookies from their browser.…

A sketch of a typical cross site scripting attack looks something like this.…Imagine a hacker gets a user to click a link,…and that link is to a register.PHP page on your site.…And it includes a URL parameter for email.…But instead of providing an email address, the hacker has used JavaScript instead.…When the page loads, your PHP code constructs…the HTML to send back to the browser.…And it echos the value of email that was sent in the get parameters.…

Resume Transcript Auto-Scroll

Author

Released

6/30/2014

Hackers target PHP web applications more often than other sites because most PHP code is written by developers with little security experience. Protecting web applications from these attacks has become an essential skill for all PHP developers. Creating Secure PHP Websites shows you how to meet the most important security challenges when developing websites with PHP. Instructor Kevin Skoglund covers the techniques and PHP code needed to develop sites that are more secure, and to avoid common mistakes. Learn how to configure PHP properly and filter input and escape output. Then check out step-by-step defenses against the most common forms of attack, and the best practices to use for encryption and user authentication.